Why Cybersecurity Doesn’t Stop Attacks

DOMINIC BARTON: Current models for cybersecurity are becoming less and less effective in the face of more sophisticated attacks. They tend to be compliance- or technology-driven and are highly manual – making them difficult to scale. All too often as well, security is the bottleneck for innovative business initiatives.

From the research we did with the World Economic Forum and presented at Davos in January, there is emerging consensus around what institutions need to do to protect themselves:

■ Use testing and gaming to build capabilities to respond to a breach

■ Integrate cybersecurity into the organization’s full set of risk management and governance processes

■ Differentiate protection based on level of risk and importance of information assets

■ Leverage intelligence and analytics to uncover attacks early (e.g., recent attacks on retailers and other companies have shown that compliance is an inadequate standard for security).

In addition, companies will not be able to achieve cyber-resiliency by themselves – law enforcement, regulators, policy-makers, industry associations and technology companies all have important roles to play as well.